fartyalvikram Contributor.
Contributor.
966 views

Downgrade NICI from 2.7.7 to 3.0.0

I have one eDirectory Servers, version is NetIQ eDirectory 8.8 SP8 v20811.09 installed on Red Hat Enterprise Linux Server release 6.8 (Santiago).
I have installed iManager 3.0.0 on the same server and my NICI is upgraded from 2.7.7 to 3.0.0.
Now I want to uninstall iManager because this should be iManager 2.7.7 with eDirectory 8.8.
And I have to downgrade NICI from 3.0.0 to 2.7.7.
So is it possible.
Labels (1)
0 Likes
7 Replies
Knowledge Partner Knowledge Partner
Knowledge Partner

Re: Downgrade NICI from 2.7.7 to 3.0.0

Sure, but you never should have put NICI 3.x on there with eDirectory 8.x;
there should have been a warning telling you that during the install of
iManager 3.x.

NICI is just an RPM, so removing the current one and then installing an
older one is easy. If you have a choice, though, just upgrade eDirectory
to 9.x (9.1 came out last week) so you can be on a supported version as
8.x is no longer supported other than on OES 2015 SP1 (if current).


--
Good luck.

If you find this post helpful and are logged into the web interface,
show your appreciation and click on the star below.

If you want to send me a private message, please let me know in the
forum as I do not use the web interface often.
0 Likes
fartyalvikram Contributor.
Contributor.

Re: Downgrade NICI from 2.7.7 to 3.0.0

When I run "rpm -qa | grep nici" command, they gives the following output
nici64-3.0.0-0.00.x86_64
nici-3.0.0-0.00.i586

So I need to run the following command to uninstalling the NICI 3.0.0
rpm -e nici64-3.0.0-0.00.x86_64
rpm -e nici-3.0.0-0.00.i586

Is it correct?

For installing the NICI 2.7.7, I got the following output when I run "find /tmp/iso/ -name nici*" command for finding the rpm package of NICI
/tmp/iso/products/Designer/components/nici
/tmp/iso/products/Designer/components/nici/nici.i586.rpm
/tmp/iso/products/Designer/components/nici/nici.x86_64.rpm
/tmp/iso/products/eDirectory/x64/setup/32-bit/nici-2.7.7-0.02.i586.rpm
/tmp/iso/products/eDirectory/x64/setup/32-bit/utils/nicif2dc
/tmp/iso/products/eDirectory/x64/setup/32-bit/utils/nici_mode_test
/tmp/iso/products/eDirectory/x64/setup/nici64-2.7.7-0.02.x86_64.rpm
/tmp/iso/products/iManager/installs/linux/packages/edir/rpms/nici-2.7.7-0.02.i586.rpm

So I think we need to install the following rpm package, is it correct?
rpm -ivh /tmp/iso/products/eDirectory/x64/setup/32-bit/nici-2.7.7-0.02.i586.rpm
rpm -ivh /tmp/iso/products/eDirectory/x64/setup/nici64-2.7.7-0.02.x86_64.rpm

Do we need to uninstall first iManager 3.0.0 then perform uninstalling and installing NICI?
Do we need to take backup of NICI or anything else?
0 Likes
Knowledge Partner Knowledge Partner
Knowledge Partner

Re: Downgrade NICI from 2.7.7 to 3.0.0

On 03/06/2018 01:24 AM, fartyalvikram wrote:
>
> When I run "rpm -qa | grep nici" command, they gives the following
> output
>
> Code:
> --------------------
> nici64-3.0.0-0.00.x86_64
> nici-3.0.0-0.00.i586
> --------------------
>
> So I need to run the following command to uninstalling the NICI 3.0.0
>
> Code:
> --------------------
> rpm -e nici64-3.0.0-0.00.x86_64
> rpm -e nici-3.0.0-0.00.i586
> --------------------


Yes, true. You may need to add --nodeps IF (and only if) things complain
about how you are taking away their dependencies. This is basically
because you are stealing NICI from the system for a minute and the system
wants to wan you that you are breaking things.

Stop eDirectory first, too, just in case.

> For installing the NICI 2.7.7, I got the following output when I run
> "find /tmp/iso/ -name nici*" command for finding the rpm package of
> NICI
>
> Code:
> --------------------
> /tmp/iso/products/Designer/components/nici
> /tmp/iso/products/Designer/components/nici/nici.i586.rpm
> /tmp/iso/products/Designer/components/nici/nici.x86_64.rpm
> /tmp/iso/products/eDirectory/x64/setup/32-bit/nici-2.7.7-0.02.i586.rpm
> /tmp/iso/products/eDirectory/x64/setup/32-bit/utils/nicif2dc
> /tmp/iso/products/eDirectory/x64/setup/32-bit/utils/nici_mode_test
> /tmp/iso/products/eDirectory/x64/setup/nici64-2.7.7-0.02.x86_64.rpm
> /tmp/iso/products/iManager/installs/linux/packages/edir/rpms/nici-2.7.7-0.02.i586.rpm
> --------------------
>
> So I think we need to install the following rpm package, is it correct?
>
> Code:
> --------------------
> rpm -ivh /tmp/iso/products/eDirectory/x64/setup/32-bit/nici-2.7.7-0.02.i586.rpm
> rpm -ivh /tmp/iso/products/eDirectory/x64/setup/nici64-2.7.7-0.02.x86_64.rpm
> --------------------


Looks good to me.

> Do we need to uninstall first iManager 3.0.0 then perform uninstalling
> and installing NICI?
> Do we need to take backup of NICI or anything else?


Yes; you should get rid of iManager first, as it will not work anyway with
only NICI 2.7.
Backing up NICI data is not a bad idea, but is probably not required as I
do not believe it will be removed. Still, be sure you have a backup or VM
snapshot or something; data reside in /var/opt/novell/nici and you should
back them up as 'root':


tar -jcvf /root/$(date +%Y%m%d-%H%M%S)-nici.tbz /var/opt/novell/nici


--
Good luck.

If you find this post helpful and are logged into the web interface,
show your appreciation and click on the star below.

If you want to send me a private message, please let me know in the
forum as I do not use the web interface often.
0 Likes
fartyalvikram Contributor.
Contributor.

Re: Downgrade NICI from 2.7.7 to 3.0.0

Thanks for reply, right now the issue is that.
I can able to access my eDirectory by using iManager which is installed on other server.
I can able to connect my eDirectory from LDAP Browser using Port 389 but when I try to connect using Port 636 I am getting the following error
The authentication failed
- SSL handshake failed.
org.apache.directory.ldap.client.api.exception.InvalidConnectionException: SSL handshake failed.
at org.apache.directory.ldap.client.api.LdapNetworkConnection.writeRequest(LdapNetworkConnection.java:4190)
at org.apache.directory.ldap.client.api.LdapNetworkConnection.bindAsync(LdapNetworkConnection.java:1314)
at org.apache.directory.ldap.client.api.LdapNetworkConnection.bind(LdapNetworkConnection.java:1212)
at org.apache.directory.studio.connection.core.io.api.DirectoryApiConnectionWrapper$2.run(DirectoryApiConnectionWrapper.java:357)
at org.apache.directory.studio.connection.core.io.api.DirectoryApiConnectionWrapper.runAndMonitor(DirectoryApiConnectionWrapper.java:1163)
at org.apache.directory.studio.connection.core.io.api.DirectoryApiConnectionWrapper.doBind(DirectoryApiConnectionWrapper.java:449)
at org.apache.directory.studio.connection.core.io.api.DirectoryApiConnectionWrapper.bind(DirectoryApiConnectionWrapper.java:295)
at org.apache.directory.studio.connection.core.jobs.CheckBindRunnable.run(CheckBindRunnable.java:79)
at org.apache.directory.studio.connection.ui.RunnableContextRunner$1.run(RunnableContextRunner.java:127)
at org.eclipse.jface.operation.ModalContext$ModalContextThread.run(ModalContext.java:119)
SSL handshake failed.

I can able to connect using telnet on both port 636 and 389.
So the above error is because my NICI 3.0.x is not compatible with eDir 8.8.x, is it correct?
If yes so is there any other solution except uninstalling and installing NICI and all stuff?
0 Likes
Knowledge Partner Knowledge Partner
Knowledge Partner

Re: Downgrade NICI from 2.7.7 to 3.0.0

On 03/06/2018 11:14 AM, fartyalvikram wrote:
>
> Thanks for reply, right now the issue is that.
> I can able to access my eDirectory by using iManager which is installed
> on other server.
> I can able to connect my eDirectory from LDAP Browser using Port 389 but
> when I try to connect using Port 636 I am getting the following error
>
> Code:
> --------------------
> The authentication failed
> - SSL handshake failed.
> org.apache.directory.ldap.client.api.exception.InvalidConnectionException: SSL handshake failed.
> at org.apache.directory.ldap.client.api.LdapNetworkConnection.writeRequest(LdapNetworkConnection.java:4190)
> at org.apache.directory.ldap.client.api.LdapNetworkConnection.bindAsync(LdapNetworkConnection.java:1314)
> at org.apache.directory.ldap.client.api.LdapNetworkConnection.bind(LdapNetworkConnection.java:1212)
> at org.apache.directory.studio.connection.core.io.api.DirectoryApiConnectionWrapper$2.run(DirectoryApiConnectionWrapper.java:357)
> at org.apache.directory.studio.connection.core.io.api.DirectoryApiConnectionWrapper.runAndMonitor(DirectoryApiConnectionWrapper.java:1163)
> at org.apache.directory.studio.connection.core.io.api.DirectoryApiConnectionWrapper.doBind(DirectoryApiConnectionWrapper.java:449)
> at org.apache.directory.studio.connection.core.io.api.DirectoryApiConnectionWrapper.bind(DirectoryApiConnectionWrapper.java:295)
> at org.apache.directory.studio.connection.core.jobs.CheckBindRunnable.run(CheckBindRunnable.java:79)
> at org.apache.directory.studio.connection.ui.RunnableContextRunner$1.run(RunnableContextRunner.java:127)
> at org.eclipse.jface.operation.ModalContext$ModalContextThread.run(ModalContext.java:119)
> SSL handshake failed.
> --------------------
>
> I can able to connect using telnet on both port 636 and 389.
> So the above error is because my NICI 3.0.x is not compatible with eDir
> 8.8.x, is it correct?


I would not assume that. Either way, as mentioned before, I'd upgrade
eDir rather than downgrading NICI, but it's your environment.

> If yes so is there any other solution except uninstalling and installing
> NICI and all stuff?


If your whole reason for wanting to downgrade NICI is to fix LDAPS, I
think you should probably verify the problem with TLS/SSL more first. Be
sure you have Apache Directory Studio configured properly to always use
SSL, rather than the StartTLS functionality which is only valid for TCP
389. Maybe try that though, on TCP 389, to see if it works. That uses
the same Key Material Object (certificate) as LDAPS, even though it is
over TCP 389, so it may be useful to see how that works.

Another option may be ot use the local system's command line, something
like this:


LDAPTLS_REQCERT=allow ldapsearch -x -LLL -H ldaps://127.0.0.1:636 uid=admin dn


--
Good luck.

If you find this post helpful and are logged into the web interface,
show your appreciation and click on the star below.

If you want to send me a private message, please let me know in the
forum as I do not use the web interface often.
0 Likes
fartyalvikram Contributor.
Contributor.

Re: Downgrade NICI from 2.7.7 to 3.0.0

I am facing that issue why I am not able to connect eDir using 636 port.
So I thought that, this issue is related to NICI version update that's why I am asking for downgrade NICI from 3.0.0 to 2.7.7.
How can I check the logs for TLS/SSL because I am not getting anything inside the ndsd.log of eDir.
When I run "curl https://192.168.1.111:636 -k" command on 192.168.1.111 server, here 192.168.1.111 is my eDir server. I got the following output
curl: (35) SSL connect error

And on the other server 192.168.1.112 where other eDir is installed I got the following output if I run the same command "curl https://192.168.1.112:636 -k"
0$x
▒1.3.6.1.4.1.1466.20036


I can able to connect eDir 192.168.1.112 via LDAP browser using port 636 but not able to connect with 192.168.1.111.
On both 192.168.1.111/112 eDir server, same version is installed of eDirectory, only difference is that on 192.168.1.111 have NICI 3.0.0 and on 192.168.1.112 have NICI 2.7.7.
0 Likes
Highlighted
Knowledge Partner Knowledge Partner
Knowledge Partner

Re: Downgrade NICI from 2.7.7 to 3.0.0

Your best bet is probably to use ndstrace:



ndstrace
set dstrace=nodebug
dstrace +time +tags +ldap +init
dstrace file on
set dstrace=*r
unload nldap
load nldap
dstrace file off
quit



The default location for the ndstrace.log file is
/var/opt/novell/eDirectory/log/ndstrace.log so if you can post the output
here that may help us better understand what is happening.


--
Good luck.

If you find this post helpful and are logged into the web interface,
show your appreciation and click on the star below.

If you want to send me a private message, please let me know in the
forum as I do not use the web interface often.
0 Likes
The opinions expressed above are the personal opinions of the authors, not of Micro Focus. By using this site, you accept the Terms of Use and Rules of Participation. Certain versions of content ("Material") accessible here may contain branding from Hewlett-Packard Company (now HP Inc.) and Hewlett Packard Enterprise Company. As of September 1, 2017, the Material is now offered by Micro Focus, a separately owned and operated company. Any reference to the HP and Hewlett Packard Enterprise/HPE marks is historical in nature, and the HP and Hewlett Packard Enterprise/HPE marks are the property of their respective owners.